formats

Welcome to News & Events

Published on December 20, 2011, by in Industry News.

Welcome to The Fraud Practice’s FraudBlog; your source for updates on current events, commentary and best practices related to the eCommerce CNP payments and fraud industry.

Be sure to signup to see all of our content to include our free monthly FraudBlog Newsletter.

 
formats

Google and Samsung Each Announce Mobile Payment Plans Utilizing Tokenization and Biometric Authentication

Following Apple’s lead Samsung and Google each announced mobile payment services of their own with a similar naming structure. The recently announced Samsung Pay and Android Pay will both make use of fingerprint biometrics to authenticate transactions as well as tokenization, although all three systems have their similarities and differences.

Both organizations announced their planned mobile payment developments at the Mobile World Congress event held in Barcelona. Samsung Pay is expected to launch this summer in South Korea and the United States with a release in Europe planned later. At this stage it is uncertain when Android Pay will be available to the public but it is known that Visa, MasterCard and American Express will support it and there is likely to be more information coming at Google’s annual developer conference in May.

Read More

 
formats

Are the FIDO Alliance Authentication Specifications the Beginning of the End for Passwords?

The FIDO (Fast Identity Online) Alliance released their first documents for stronger authentication at the end of 2014 with version 1.0 of their Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F) specifications. The group of more than 150 member organizations hopes to usher in the post-password era through biometrics, hardware and other forms of authentication, and is continuing to expand on their specifications to incorporate NFC and Bluetooth capabilities.

The FIDO Alliance formed in 2012 and has continued to grow as major financial institutions, payment, hardware, and technology organizations have joined. Board level members include Alibaba Group, Bank of America, Google, Microsoft, Visa, MasterCard and others. The Alliance’s first formal and published specifications outline a new standard for authentication offering “FIDO-enabled authenticators” that any organization, website or application can interface with. The intent is for the specifications to be an open standard rather than patent-restricted authentication processes or protocols as board level organizations Google and Nok Nok Labs each donated intellectual property. FIDO members can freely implement and market solutions around the FIDO-enabled authenticators while non-members can freely deploy these solutions as well.

Read More

 
formats

Google Wallet Partners with and Acquires Softcard’s Technology to Better Odds of Winning Mobile Wallet Wars

While there had been rumors that Google was in talks with Softcard to acquire the mobile network’s joint venture, the two organizations made an official announcement about their newly formed partnership on February 23rd. Under the deal Google will acquire Softcard’s patents and technology while the three major carriers that formed Softcard will now include the Google Wallet app pre-installed on their Android smartphones.

Once rivals, Google Wallet and Softcard now share a common line of reasoning that reflects a famous proverb: “An enemy of my enemy is my friend.” That common enemy is Apple Pay. To combat this enemy, or to at least keep pace with them, Google Wallet and Softcard decided to team up with a quasi-partnership-acquisition deal.

Read More

 
formats

Visa to Expand Token Service used with Apple Pay to Visa Checkout and eCommerce Merchants in 2015

The world’s largest card network commercially debuted their Visa Token Service in October, 2014 coinciding with the launch of Apple Pay. The service provisions issuers with a token that can be used in place of the card’s primary account number. The token is then transmitted to merchants via Apple Pay for processing for both in-store and in-app purchases. In February Visa announced plans to expand their token service beyond use in Apple Pay to all Visa Checkout transactions, as well as for online transactions with larger, participating merchants that are completed when using a Visa card directly.

The implication of this announcement is that many more mobile wallets and payment services may start using VTS in the not-too-distant future. Visa also expects larger eCommerce merchants to deploy VTS and is already in talks with major online merchants to make tokenization updates to stored credit card data.

Read More

 
formats

Increase in Mobile Fraud Outpaces Mobile Transaction Growth

According to a recent study from LexisNexis mobile commerce represents 14 percent of all transactions, but 21 percent of fraudulent transactions are attributed to the mobile channel. Meanwhile the value of fraud losses for mobile channel merchants quickly grew from 0.8 percent of revenue in 2013 to 1.36 percent of revenue in 2014.

According to estimates from Forrester Research, mobile payments will account for $67 billion in U.S. transactions in 2015, up from $52 billion in 2014 and $32 billion in 2013. While mobile transaction volume grew by nearly 63 percent from 2013 to 2014, the value of fraud losses for mobile channel merchants increased by 70 percent, from 80 cents to $1.36 per $100 in revenue, during this same time frame.

Read More

 
formats

Samsung Acquires Mobile Payment Technology Startup LoopPay

Samsung, one of the primary Google Wallet partners, announced in late February that they would acquire mobile contactless payment platform and wallet LoopPay, which uses a proprietary phone case or keychain fob to transmit payment information to traditional point-of-sale payment terminals using patented Magnetic Secure Transmission™ technology. Terms of the acquisition, which has potential to shakeup the mobile wallet market, were not disclosed.

LoopPay, based in the Boston, Massachusetts area, will be a wholly owned subsidiary under Samsung Electronics America while co-founder and CEO Will Graylin will continue to lead the LoopPay organization in addition to becoming a co-GM for Samsung payment solutions.

This acquisition may signal that Samsung is hedging their bets to be part of the future or mobile payments, with or without Google.

Read More

 
formats

Visa Working with Issuers to Expand use of Mobile Geolocating to Verify Card Present Transactions

Visa has partnered with Finsphere, a geospatial analytics company, to provide location information of mobile devices at the time of a card transaction. The card network is now working with card issuers to embed the mobile geolocation features in their mobile banking apps and estimates that 30 percent of wrongly declined transactions can be stopped.

Finsphere jointly launched a service called PinPoint in 2010 along with Location Labs. It was a similar mobile geolocating service to what Visa is looking to implement, although notifications went directly to the cardholder rather than the card issuers. Partnering with Finshpere, Visa plans to offer location tracking to their issuing bank partners in hopes of reducing unnecessary declines when a consumer travels.

 
formats

U.S. Proposes National Data Breach Notification and Protection Standards

This week the White House proposed the Personal Data Notification and Protection Act, which seeks to set a national standard for data breach notification requirements replacing the patchwork of separate laws across 47 states. If passed into law, this act would strengthen and more clearly define what is required of organizations that suffer data breaches, including the requirement to inform those impacted by the data breach within 30 days of breach discovery.

If passed by Congress, this act would benefit organizations by clarifying a national standard with breach notifications while benefiting consumers with more uniform protection and rights. This would be especially beneficial for consumers in Alabama, New Mexico and South Dakota, states with no data breach notification laws in place currently.

Read More

 
formats

In 2015 Achieving PCI Compliance Means Meeting the Version 3.0 Standards

The first big change for payments in 2015 took effect on January 1st when the deadline to meet PCI Data Security Standards (DSS) version 3.0 requirements passed. The Fraud Practice provides a quick overview of what has changed and what that means for organizations that must adhere to these standards.

The third version of the PCI Data Security Standards both expands on existing requirements and creates new ones. The number of PCI requirements increased by more than 25 percent from version 2.0 and there are now 408 requirements in total. This includes documenting more procedures around fulfilling requirements, more clearly defining PCI responsibilities in vendor contracts, enhanced penetration testing and maintaining more of a year-round approach to data security rather than a once-a-year, check-the-box mentality.

Read More

 
© The Fraud Practice LLC 2012